Electronic device provided with cryptographic circuit and method of establishing the same

ABSTRACT

The present invention provides for an electronic device having cryptographic computation means arranged to generate cryptographic data within the device for enhancing security of communications therewith, the device including an onboard power supplying means arranged to provide for the driving of the said cryptographic computational means, and so as to provide a device by way of a manufacturing phase and a post manufacturing phase arranged for distribution and/or marketing of the device, and wherein the step of generating the cryptographic data occurs during the post manufacturing phase.

The present invention relates to an electronic device arranged toexhibit cryptographic security features and to a related method ofestablishing the same.

In the recent past, an increase in the desire to protect not only thecontent of communications traffic between entities but also to ensurethe correct targeting and retrieval of such information has increasedadoption of security features, and in particular such features based onpublic key cryptography within consumer electronic devices. A commonform of such a security arrangement comprise public key cryptographictechniques which allow for an electronic device to prove its identity,and to agree session keys, so as to participate in a securecommunication over a particular network thereby allowing secureprotection of the content being transmitted from, or received by, thedevice.

As noted above, in addition to providing protection for the actualcontent being transmitted, similar approaches to security can beemployed in order securely to associate such content with individualdevices so as to support “digital rights management” arrangements inwhich, for example, an audio file can be retrieved and played only on adevice belonging to the legitimate purchaser of said file.

A common feature of such a system employing cryptographic techniques isthe need to provide the device with a securely embedded public/privatekey pair. As is known, the private key is generally used to apply adigital signature to outgoing messages, or to decrypt targeted incomingmessages or other communication content.

The so-called public key is arranged to be provided to third parties toallow for verification of messages signed by the device, and to allowfor the encryption of messages targeted at the device.

In this scenario, there is a significant amount of trust that must beplaced with the public key and this is normally achieved by requiringthat the public key is digitally signed by an appropriate certificationauthority. The resulting combination of the public key and signature asprovided by the certification authority then forms a device certificate.Such authenticating certificate is readily verifiable by any third partythat has been provided with the appropriate public key of thecertification authority.

For devices employing a public key arrangement, the device certificateis generally installed within the device at the time of its manufactureand in accordance with either of the two following arrangements.

First, the certification authority creates a public/private keypair, andthe certificate associated with the device, on a dedicated computersystem, and the appropriate information can then be programmed into thedevice at a late stage in its manufacture and so prior to itsdistribution into the relevant market.

As an alternative, the device itself can be arranged to create its ownpublic/private keypair by internal processing during its manufacturingphase, and then subsequently to emit the public key for signing by thecertification authority so as to create the device certificate. Thedevice certificate is then again installed in the device at a late stagein its manufacture.

The latter of the two arrangements noted above in which the devicecreates its own public/private keypair by internal processing offersadvantages since a higher level of security can be achieved. As will beappreciated, since the private key of the device can be arranged to becreated wholly within the secured hardware domain of the device, it neednever be exposed and, as noted, it is only the public key that need beemitted for signature by the certification authority.

However, in arriving at such an advantageously higher degree ofsecurity, disadvantages have been identified in that the internalprocessing required adds significantly to the device serialisation timearising during the manufacturing stage. Also, the internal processingthat generates the public/private keypair, particularly in situations inwhich the RSA public key system is employed, can take in the region ofmany tens of seconds, or even minutes, especially if the particulardevice has constrained computational ability in view of it beingdesigned for low power consumption, for example a portablecommunications device. Potentially problematic delays are thenexperienced during device production.

Yet further, it is envisaged that many future devices will be arrangedto operate within relatively small authorised domains, for examplewithin a particular household, in which the device can associate itselfwith other devices in close physical proximity during its initial periodof use. There is a realization that members of such domains maysubsequently become separated geographically, and so require securecommunication over public networks.

Within such authorised domains these devices are arranged to operate ona so-called “web-of-trust” principle in which trusted links are allowedonly with other devices belonging to that same domain. One commonlyknown arrangement employing the “web-of-trust” concept is the operatingmode of security software known as “PGP”.

Within such a “web-of-trust” arrangement, the devices no longer have toemploy a hierarchical public key infrastructure, since they need only tohave been provided with identifiers and a key pair before the firstpoint of usage within the domain. The generation of a keypair howevertherefore remains an important consideration even in such arrangementswhich do not use a classic hierarchical public key infrastructure.

The present invention seeks to provide for an electronic device offeringcryptographic security, and a method of establishing the same, and whichhave advantages over known such systems in which the cryptographic datais to be generated internally within the device.

According to a first aspect of the present invention there is providedan electronic device having cryptographic computation means arranged togenerate cryptographic data within the device for enhancing security ofcommunications therewith, the device including an onboard powersupplying means arranged to provide for the driving of the saidcryptographic computational means.

Through employing an onboard power supplying means, the cryptographiccomputational means can be arranged advantageously to generate thecryptographic data subsequent to the manufacturing of the device and, inparticular, during the phases when the manufactured device mightotherwise be laying dormant, i.e. prior to, during and just afterpackaging, and during transportation and shipment for eventual retail.Employment of an onboard power supply so as to allow for thepost-production generation of the cryptographic data thereforeadvantageously reduces production costs and delays by removing theserialisation step from the manufacturing phase of the device.

Also, since relatively long periods may be available for such processingby the cryptographic computational means so as to generate thecryptographic data, a relatively high standard of security can thereforebe achieved.

It will be appreciated that the invention therefore provides, inaddition to the technical advantages as compared with the prior-artrequirements for serialisation during production, additional advantagesin that the cryptographic data and the related serialisation can beselectively initiated only in relation to device that have a higherprobability of actually being sold and this can vastly reduce processingsteps that might otherwise be wasted on eventually unsold devices.

The features of Claims 2-5 relate to particularly advantageousarrangements in which the power supplying means can be selectivelyactivated as required and can also form part of the principal powersupplying means arranged for future normal operation of the device so asto advantageously reduce potential duplication of power supplementswithin the device.

The features of Claims 6 and 7 are advantageous in ensuring that themaximum advantages can be achieved by the present invention whilstminimising disruption to the manufacturing-retail cycle.

According to another aspect of the present invention there is provided amethod of establishing cryptographic data within an electronic device,and comprising the steps of generating cryptographic data within thedevice for enhancing security of communications therewith, and underpower provided by means of an onboard power supplying means.

The feature of Claim 13 is particularly advantageous in allowing forcontrol of the commencement of the internal generation of thecryptographic data and in relationship with the packaging and/ortransportation of the device.

According to yet another aspect of the present invention, there isprovided a method of providing a device with cryptographic data andincluding a manufacturing phase and a post manufacturing phase arrangedfor distribution and/or marketing of the device, and including the stepof generating the cryptographic data during the post-manufacturingphase.

The feature of Claim 19 is particularly advantageous in allowing forauthentication of a public key subsequent to packaging of the device.

The invention is described further hereinafter, by way of example only,with reference to the accompanying drawings in which:

FIG. 1 is a schematic block diagram of an electronic device embodyingthe present invention; and

FIG. 2 is a flow diagram illustrating operation of a device such as thatin FIG. 1 in accordance with an embodiment of the present invention.

Turning now to FIG. 1, there is illustrated an electronic device in theform of a mobile phone 10 which, in accordance with its normal mode ofoperation, is required to transmit and receive secure communicationsignals by way of its antenna 12.

The mobile phone 10 includes standard electronic circuitry and which isnot illustrated in detail in the drawing with the exception of atransmitting/receiving section 14, timebase control section 16 and arechargeable battery 18 for powering normal use of the phone.

In addition, the mobile phone 10 includes a cryptographic generationsection 20 arranged for generating public/private keypairs as part of apublic key cryptographic arrangement and which, in accordance with theillustrated embodiment of the present invention, is arranged to bepowered for such operation by means of a disposal battery 22 which canbe readily inserted in, and removed from, the mobile phone 10.

Such insertion of the disposable battery 22 is arranged to initiateoperation of the cryptographic generation section 20 as required.However, as an alternative, switch means can be included 24 so as toallow for the selected initiation of the cryptographic generationsection 20 by means of the disposable battery 22.

The mobile phone 10 as illustrated has been designed from therecognition that, with regard to such devices, the time spent by theproduct during its packaging, distribution and retailing phases canusefully be employed for cryptographic computation measures so that suchmeasures are then removed from, and therefore simplify and expedite, themanufacturing phase.

Thus, the device 10 can be manufactured and, as illustrated, fitted witha disposable battery 22 and then steps taken to initiate thecryptographic computation within the cryptographic generation section 20shortly prior to packaging and distribution and without any externaldevice serialisation for cryptographic purposes.

As an alternative, the disposable battery 22 can be omitted andpredetermined amount of charge provided to the rechargeable battery 18of the mobile phone 10, which predetermined amount of charge issufficient to drive the cryptographic computation within the section 20during the device's post-production phase. Production costs and relateddelays are therefore advantageously removed by means of theaforementioned serialisation steps.

Dependent upon the marketing/transport route taken by the device, days,or even possibly weeks, will be available for the product to perform itsown keypair generation internally within the cryptographic generationsection 20. The product design and key generation algorithms are ofcourse advantageously selected so as to ensure that such cryptographiccomputation processors will be completed by the time the product is madeavailable to the end customer.

An associated advantage arises here in that, in allowing for relativelylong processing periods, i.e. at least days instead of minutes ascurrently available, the cryptographic processes can be performed to ahigher standard of security than would be economically viable were suchprocesses to be executed during the latter stages of the productionphase as currently occurs.

Yet further, it becomes advantageously possible to control the frequencyof operation of the processing elements of the cryptographic generationsection 20 so as to ensure only low power consumption, and thus low heatdissipation and radiation etc. once the product has been packaged andduring its transit to, for example, its retail location.

Turning now to FIG. 2, there is provided a block flow diagramillustrating a method according to an embodiment of the presentinvention.

The method commences at a block 24 with the actual manufacture of thedevice, for example a mobile telephone 10 of FIG. 1, and then proceedsinto a post-manufacturing phase at block 26 at which the cryptographiccomputation is activated by means of the disposable battery 22 so as togenerate internally within the device, a public/private keypair at block26.

Subsequent to initiation of the cryptographic processing, and while suchprocessing is ongoing, the device is packaged at block 28 andsubsequently transported at block 30 to its retail location identifiedby block 32.

In accordance with the embodiment illustrated by reference to FIG. 2,the mobile phone 10 exhibits a requirement for operation that requiresits public key to be signed into a digital certificate by acertification authority and this is illustrated at block 34. This stepin the process can be provided at the point of sale of the mobile phone10.

Such a feature serves to illustrate a particular further advantage ofthe present invention in that, in addition to the technical advantagesarising as compared with the serialisation as currently occurring duringproduction and as noted above, commercial and economic advantages arisein that the serialisation now occurring in accordance with the presentinvention need only occur shortly prior to the actual sale of thedevice. This ensures that device serialisation effort is not then wastedon unsold devices.

In accordance with another embodiment of the present invention, if theproduct concerned is to be used wholly with an authorized domain, it canthen be arranged to conduct whatever “web-of-trust” associations areneeded during its initial period of operation shortly after retailing,for example after being unpacked by the end customer. In this scenario,the certification block 34 illustrated in FIG. 2 is replaced by a mere“initial use” block.

As will therefore be appreciated from the above, the present inventionis advantageous in reducing production costs and production times, ofportable devices by removing the need to conduct cryptographicserialisation at a late stage in the production phase of the device. Thetime spent by the product in its distribution and retailing phases isadvantageously utilised by allowing the device to perform internalcryptographic keypair generation whilst packaged.

As discussed above, the device can then be put into service immediatelyby an end customer subsequent to purchase if it is to be used in a“web-of-trust” authorised domain. However, if operation device requiresa digital certificate issued by a digital certification authority, thenthe certificate can be create and installed in the device at the pointof sale.

The invention is not restricted to the details of the foregoingembodiments. For example, it should be appreciated that the device andmethod of the present invention can be incorporated within anyappropriate device, and in particular a mobile device requiring securityof communication and/or connectivity.

Also, reference to communication is not restricted to electroniccommunication. For example, one might have a portable disc player devicethat generates its own keypair according to the invention, has itspublic key read and registered at a trustworthy point of sale such thatno certificate is created or installed. The user can then receivespackaged media, such as CD-R discs, through the postal system or otherphysical form of transport and delivery.

The invention claimed is:
 1. An electronic device having: acryptographic computation circuit configured to generate cryptographicdata, that includes a key pair with both a public key and a private key,within the electronic device for enhancing security of communicationstherewith; an onboard power supply circuit; and a power control circuitcoupled to the onboard power supply circuit and configured to selectablyprovide a first electrical connection between the power supply circuitand the cryptographic circuit and, independent of the first electricalconnection, selectably provide one or more additional electricalconnections between the power supply circuit and other circuits of theelectronic device, the power control circuit configured to inhibit powerto the other circuits until the generation of the cryptographic data iscomplete.
 2. The electronic device as claimed in claim 1, wherein thepower control circuit is configured to disable power to thecryptographic circuit while the onboard power supply circuit powersother circuits in the electronic device.
 3. The electronic device asclaimed in claim 1, wherein the onboard power supply circuit comprises abattery.
 4. The electronic device as claimed in claim 1, wherein theonboard power supply circuit comprises a disposable temporary powersupply circuit.
 5. The electronic device as claimed in claim 1, whereinthe onboard power supply circuit comprises an at least part chargerechargeable power supply circuit.
 6. The electronic device as claimedin claim 1, wherein the cryptographic computation circuit is arranged togenerate the key pair in response to an application of power from saidonboard power supply.
 7. The electronic device as claimed in claim 6,wherein the power control circuit is configured to power thecryptographic computation circuit during transportation of theelectronic device.
 8. The electronic device as claimed in claim 1,further including a wireless transmitting/receiving section and atimebase control section, wherein the electronic device is configured tooperate the cryptographic computation circuit at a frequency ofoperation that uses more than a day to generate the key pair, therebycontrolling power consumption and heat dissipation.
 9. The electronicdevice as claimed in claim 8, wherein the cryptographic computationcircuit is arranged to generate a public/private key pair that iscompatible with RSA.
 10. The electronic device as claimed in claim 9 andarranged such that the public key can be made available forcertification purposes.
 11. The electronic device as claimed in claim 1,wherein the cryptographic computation circuit is configured to generatethe key pair in response to an initial user start-up cycle for operationwithin an authorized domain, based upon devices in communication withthe electronic device during a specified time period for initialstartup.
 12. A method of establishing cryptographic data within a mobiledevice comprising the steps of: in an integrated circuit of the mobiledevice having an onboard power supply and a cryptographic circuitselectively coupling power from the power supply to the cryptographiccircuit to activate the cryptographic circuit, and in response toactivating the cryptographic circuit, generating cryptographic data withthe cryptographic circuit, the cryptographic data including a key pairwith both a public key and a private key, and configuring the mobiledevice to complete the generating of the cryptographic data prior tooperating the device in a normal mode of operation in which atransceiver circuit of the mobile device is operated.
 13. The method asclaimed in claim 12, wherein the selectively coupling power from thepower supply to the cryptographic circuit to activate the cryptographiccircuit is initiated by an internal circuit configured to activate thecryptographic circuit independently from any external user input. 14.The method as claimed in claim 12, wherein the step of generating thecryptographic data including cryptographic key information isimplemented at a low frequency of operation whereby the generation ofthe cryptographic data spans a time period of more than a day.
 15. Themethod as claimed in claim 14, wherein the cryptographic key informationis a public/private key pair that is compatible with RSA.
 16. The methodas claimed in claim 15, further including making the public keyavailable for certification purposes.
 17. The method as claimed in claim12 and in which the steps are automatically taken within an internalcircuit of the mobile device, by operating a controller circuitconfigured during a manufacturing phase of the mobile device, during apost manufacturing phase of the mobile device after enclosure of theinternal circuit within the mobile device.
 18. A method of providing adevice with cryptographic data, the method comprising: placing thedevice in a low-power mode in which an onboard power supply circuit ofthe device only powers a cryptographic circuit of the device; generatingthe cryptographic data, with the cryptographic circuit, thecryptographic data including a key pair with both a public key and aprivate key; and in response to the generation of the cryptographicdata, electrically disabling power to the cryptographic circuit duringoperation of other circuits in the device.
 19. The method as claimed inclaim 18, further including the a step of creating a device certificateof the device subsequent to packaging of the device.
 20. The method asclaimed in claim 19, further including creating the device certificatein response to an external command indicative of a point of sale of thedevice.